CVE-2009-2958

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.50

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash due to a NULL pointer dereference. This can be achieved by sending a TFTP read request with a malformed blksize option. The vulnerability can be exploited when the --enable-tftp option is used.

Recommendations For versions prior to 2.50, update to version 2.50 or later to resolve the issue. As a temporary workaround, consider disabling the tftp request function or restricting the use of the TFTP service until a patch is available. Avoid using the blksize option in TFTP read requests until the issue is resolved.